Cisco is advising ISPs and other service providers using its Prime Home system to install a security update immediately – to squash a serious remote execution bug. Switchzilla says the flaw, which was given a 10.0 CVSS score, could allow an attacker to log into the software as an administrator and remotely take control of thousands upon thousands of customers’ home routers, broadband gateways and similar boxes. “An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication,” Cisco said today. “An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges.”
ORIGINAL SOURCE: The Register